This article is more than 1 year old

When is a phone not a phone? When it's an Android security key

Google Cloud product deluge spans security, analytics and AI

People with suitably modern Android phones can now use their handsets as a hardware security key to safeguard both their Google Accounts and Google Cloud accounts.

The ads and compute-time rental biz announced the change at Google Cloud Next '19 in San Francisco, in conjunction with some hand waving about a variety of other security tools tied to the Google Cloud Platform.

"We're essentially allowing multifactor authentication using your Android device as a security key, so you don't need a separate device," said Jennifer Lin, director of security for Google Cloud, at a press briefing on Tuesday.

Android phones can now serve as the second factor in two-factor authentication, where the first factor is something you know – a password – and the second is something you have – a hardware security key or apps that generate codes.

To turn their devices into key conveyors, Google account holders need an Android 7.0+ phone, with Bluetooth active, and a Bluetooth-enabled ChromeOS, macOS or Windows 10 computer running a Chrome browser. Google also recommends having a second hardware security key as a backup, in case one gets lost, stolen or unexpectedly smashed to bits in a fit of rage.

Google has taken to referring to this as two-step verification, which is one element of the company's Advanced Protection program for those at risk of being targeted by hackers. The Advanced Protection program relies on two-step verification with a physical security key instead of a code generated by an authenticator app or delivered to a device via SMS or email. In addition, it limits access to data by apps and imposes additional account recovery challenges.

The Chocolate Factory also unveiled several other security focused initiatives for the Google Cloud Platform. Access Transparency, now available for G Suite Enterprise, provides "near real-time logs" when Google Cloud Platform administrators interact with G Suite data, because companies want to know such things for compliance and auditing. There's also Access Approval, introduced in December, to grant permission for Google workers to access GCP data.

GCP's Data Loss Prevention console has entered beta status, offering a way to find and redact sensitive data. The Cloud Security Command Center, which debuted last year, has matured to general availability. It provides security and risk management capabilities for various GCP services.

Google also launched early versions of several threat identification services: Event Threat Detection, a log scanner, entered beta; Security Health Analytics, a scanner for open storage buckets, ports, and stale keys, among other things, entered alpha.

Cloud Security Scanner, which looks for cross-site scripting clear-text passwords, and vulnerable code libraries in GCP apps, hit general availability for App Engine and beta for Google Kubernetes Engine (GKE) and Compute Engine; and GCP Marketplace added security vendor integrations from the likes of Capsule8, Cavirin, Chef, McAfee, Redlock, Stackrox,, and Twistlock.

OK, OK, we get it - it's reasonably secure

Looking beyond security, Alphabet's main money maker announced Cloud SQL for Microsoft SQL Server, a fully managed version of Microsoft SQL Server on GCP. This is in addition to self-service SQL Server deployment on Google Compute Engine, via an existing Microsoft license or one resold through Google.

Meanwhile, Google Cloud now has a speciality shop, Google Cloud for Retail, not to mention new partnerships with Accenture and Deloitte to help enterprises integrate Googly tech.

The biz teased various storage developments including "a new class of storage for data that’s ice cold," which is to say an archive class for Cloud Storage that can't be called Glacier or Deep Glacier because AWS got to those names first. Coming later this year, it will be available as an alternative to tape storage, at $0.0012 per GB per month ($1.23 per TB per month).

GCP's data analytics offerings received attention with a slew of data migration, business intelligence, prediction and governance refinements. Among the more interesting is Cloud Data Fusion (beta), a managed data integration service for fetching data from various sources, combining everything and handing the wadge off to BigQuery for analysis. Also, Google made Sheets more interesting with connected sheets, a way to make its online spreadsheet serve as a front-end for BigQuery data sets.

Unavoidably, there was much fuss made over AI-oriented services, which pretty much every tech company today talks about ad nauseam. Google launched the beta version of an integrated AI platform, unexpectedly called AI Platform, that aims to help companies set up, build, run and manage machine learning projects.

It's intended to complement the company's existing AI Hub, which is more of a repository for AI components. No mention was made of AI Shoppe, AI Shack or AI Sluice, but perhaps next year.

Google Cloud Next '19

Google Cloud flashes flower power in bid to realize 'write once, run anywhere' dream


The cloud confectionary's AutoML sweets look enticing but aren't yet fully baked: AutoML Tables (beta), AutoML Video Intelligence (beta), AutoML Vision Edge (beta) and Object detection (beta), AutoML Natural Language custom entity extraction (beta) and custom sentiment analysis (beta).

G Suite saw some tweaks, notably the ability to have Google Assistant access users' calendar entries and the pending availability of Hangouts Chat (a.k.a Google's interpretation of Slack) in Gmail. And there were networking announcements, too.

Developers even received some attention with the debut of Cloud Code, a set of plugins for IntelliJ and Visual Studio Code that make it easier to write code locally that can launch containerized apps via Google Kubernetes Engine. ®

More about


Send us news

Other stories you might like